High severityNVD Advisory· Published Jan 18, 2022· Updated Jul 7, 2025
Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
CVE-2022-23302
Description
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
JMSSink in Log4j 1.x deserializes untrusted data via JNDI, leading to RCE when attacker controls configuration or LDAP service.
Vulnerability
JMSSink in all versions of Log4j 1.x (1.0 through 1.2.17) is vulnerable to deserialization of untrusted data when an attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker controls. This component is not enabled by default. [1][4]
Exploitation
An attacker with write access to the Log4j configuration can set the TopicConnectionFactoryBindingName property to a malicious JNDI URI. Alternatively, if the configuration already references an attacker-controlled LDAP service, the attacker can manipulate the data in that LDAP store. When JMSSink processes the configuration, it performs a JNDI lookup that deserializes untrusted data, leading to remote code execution. This attack vector is similar to CVE-2021-4104. [1][4]
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the application using Log4j, resulting in full compromise of confidentiality, integrity, and availability. [1][4]
Mitigation
Apache Log4j 1.x reached end of life in August 2015 and no patches will be released. Users must upgrade to Log4j 2, which addresses this and other security issues. As a workaround, remove or disable any JMSSink configuration in Log4j 1.x deployments. [2][3][4]
References
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
log4j:log4jMaven | <= 1.2.17 | — |
org.zenframework.z8.dependencies.commons:log4j-1.2.17Maven | <= 2.0 | — |
Affected products
180- osv-coords179 versionspkg:apk/chainguard/druid-compatpkg:apk/wolfi/druid-compatpkg:maven/log4j/log4jpkg:maven/org.zenframework.z8.dependencies.commons/log4j-1.2.17pkg:rpm/almalinux/parfaitpkg:rpm/almalinux/parfait-examplespkg:rpm/almalinux/parfait-javadocpkg:rpm/almalinux/pcp-parfait-agentpkg:rpm/almalinux/si-unitspkg:rpm/almalinux/si-units-javadocpkg:rpm/almalinux/unit-apipkg:rpm/almalinux/unit-api-javadocpkg:rpm/almalinux/uom-libpkg:rpm/almalinux/uom-lib-javadocpkg:rpm/almalinux/uom-parentpkg:rpm/almalinux/uom-sepkg:rpm/almalinux/uom-se-javadocpkg:rpm/almalinux/uom-systemspkg:rpm/almalinux/uom-systems-javadocpkg:rpm/opensuse/kafka&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kafka-kit&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kafka-kit&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/log4j12&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/log4j&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/elasticsearch&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/elasticsearch&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/elasticsearch&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/elasticsearch&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/elasticsearch&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kafka&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/kafka-kit&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/log4j12&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/log4j12&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/log4j12&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/log4j12&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/log4j&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/log4j&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/log4j&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/log4j&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/log4j&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/log4j&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/logstash&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-monasca-agent&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-monasca-log-metrics&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-log-metrics&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-log-metrics&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-log-persister&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-log-persister&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-log-persister&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-log-transformer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-log-transformer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-log-transformer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-persister-java&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-persister-java&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-persister-java&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-monasca-persister-java&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-persister-java&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-monasca-thresh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-thresh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-thresh&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-monasca-thresh&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-thresh&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/spark&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/storm&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/zookeeper&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 34.0.0-r6+ 178 more
- (no CPE)range: < 34.0.0-r6
- (no CPE)range: < 34.0.0-r6
- (no CPE)range: <= 1.2.17
- (no CPE)range: <= 2.0
- (no CPE)range: < 0.5.4-4.module_el8.5.0+235+62ea7738
- (no CPE)range: < 0.5.4-4.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 0.5.4-4.module_el8.5.0+235+62ea7738
- (no CPE)range: < 0.5.4-4.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 0.6.5-2.module_el8.5.0+235+62ea7738
- (no CPE)range: < 0.6.5-2.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 1.0-5.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 1.0-5.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 1.0.1-6.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 1.0.1-6.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 1.0.3-3.module_el8.5.0+235+62ea7738
- (no CPE)range: < 1.0.4-3.module_el8.5.0+235+62ea7738
- (no CPE)range: < 1.0.4-3.module_el8.5.0+235+62ea7738
- (no CPE)range: < 0.7-1.module_el8.5.0+235+62ea7738
- (no CPE)range: < 0.7-1.module_el8.5.0+2610+de2b8c0b
- (no CPE)range: < 2.1.0-bp153.2.6.1
- (no CPE)range: < 2.1.0-bp153.2.6.1
- (no CPE)range: < 2.1.0-3.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 2.4.2-5.6.1
- (no CPE)range: < 2.4.2-5.6.1
- (no CPE)range: < 2.4.2-6.6.1
- (no CPE)range: < 2.4.2-5.6.1
- (no CPE)range: < 2.4.2-6.6.1
- (no CPE)range: < 0.10.2.2-5.12.1
- (no CPE)range: < 0.10.2.2-5.12.1
- (no CPE)range: < 0.10.2.2-3.5.1
- (no CPE)range: < 0.10.2.2-5.12.1
- (no CPE)range: < 0.10.2.2-3.5.1
- (no CPE)range: < 2.1.0-bp153.2.6.1
- (no CPE)range: < 2.1.0-bp153.2.6.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.17-4.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.15-26.32.20.1
- (no CPE)range: < 1.2.15-26.32.20.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.17-5.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 1.2.15-126.9.1
- (no CPE)range: < 2.4.1-5.10.1
- (no CPE)range: < 2.4.1-5.10.1
- (no CPE)range: < 2.4.1-7.6.1
- (no CPE)range: < 2.4.1-5.10.1
- (no CPE)range: < 2.4.1-7.6.1
- (no CPE)range: < 2.2.6~dev4-3.27.1
- (no CPE)range: < 2.2.6~dev4-3.27.1
- (no CPE)range: < 2.8.2~dev5-3.18.1
- (no CPE)range: < 2.2.6~dev4-3.27.1
- (no CPE)range: < 2.8.2~dev5-3.18.1
- (no CPE)range: < 0.0.1-3.3.1
- (no CPE)range: < 0.0.1-3.3.1
- (no CPE)range: < 0.0.1-3.3.1
- (no CPE)range: < 0.0.1-5.3.1
- (no CPE)range: < 0.0.1-5.3.1
- (no CPE)range: < 0.0.1-5.3.1
- (no CPE)range: < 0.0.1-4.3.1
- (no CPE)range: < 0.0.1-4.3.1
- (no CPE)range: < 0.0.1-4.3.1
- (no CPE)range: < 1.7.1~a0~dev2-3.9.1
- (no CPE)range: < 1.7.1~a0~dev2-3.9.1
- (no CPE)range: < 1.12.1~dev9-15.1
- (no CPE)range: < 1.7.1~a0~dev2-3.9.1
- (no CPE)range: < 1.12.1~dev9-15.1
- (no CPE)range: < 2.1.1-4.6.1
- (no CPE)range: < 2.1.1-4.6.1
- (no CPE)range: < 2.1.1-5.6.1
- (no CPE)range: < 2.1.1-4.6.1
- (no CPE)range: < 2.1.1-5.6.1
- (no CPE)range: < 1.6.3-8.12.1
- (no CPE)range: < 1.6.3-8.12.1
- (no CPE)range: < 2.2.3-5.9.2
- (no CPE)range: < 1.6.3-8.12.1
- (no CPE)range: < 2.2.3-5.9.2
- (no CPE)range: < 1.2.3-3.11.2
- (no CPE)range: < 1.2.3-3.11.2
- (no CPE)range: < 1.2.3-3.8.1
- (no CPE)range: < 1.2.3-3.11.2
- (no CPE)range: < 1.2.3-3.8.1
- (no CPE)range: < 5.1.1~dev7-12.40.1
- (no CPE)range: < 5.1.1~dev7-12.40.1
- (no CPE)range: < 5.0.2~dev3-12.41.1
- (no CPE)range: < 5.0.2~dev3-12.41.1
- (no CPE)range: < 7.0.1~dev24-3.33.1
- (no CPE)range: < 9.0.8~dev7-12.38.1
- (no CPE)range: < 9.0.8~dev7-12.38.1
- (no CPE)range: < 11.2.3~dev29-14.42.1
- (no CPE)range: < 11.2.3~dev29-14.42.1
- (no CPE)range: < 13.0.10~dev23-3.36.1
- (no CPE)range: < 5.0.3~dev7-12.39.1
- (no CPE)range: < 5.0.3~dev7-12.39.1
- (no CPE)range: < 7.0.2~dev2-3.33.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.36.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.36.1
- (no CPE)range: < 15.0.3~dev3-12.39.1
- (no CPE)range: < 15.0.3~dev3-12.39.1
- (no CPE)range: < 17.0.1~dev30-3.31.1
- (no CPE)range: < 9.0.8~dev22-12.43.1
- (no CPE)range: < 9.0.8~dev22-12.43.1
- (no CPE)range: < 11.0.4~dev4-3.33.1
- (no CPE)range: < 12.0.5~dev6-14.46.1
- (no CPE)range: < 14.1.1~dev11-4.37.1
- (no CPE)range: < 12.0.5~dev6-14.46.1
- (no CPE)range: < 9.1.8~dev8-12.41.1
- (no CPE)range: < 9.1.8~dev8-12.41.1
- (no CPE)range: < 11.1.5~dev17-4.31.1
- (no CPE)range: < 12.0.4~dev11-11.43.1
- (no CPE)range: < 12.0.4~dev11-11.43.1
- (no CPE)range: < 14.2.1~dev7-3.34.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.40.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.40.1
- (no CPE)range: < 7.2.1~dev1-4.33.1
- (no CPE)range: < 5.1.1~dev5-12.45.1
- (no CPE)range: < 5.1.1~dev5-12.45.1
- (no CPE)range: < 7.4.2~dev60-3.39.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.36.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.36.1
- (no CPE)range: < 1.8.2~dev3-3.33.1
- (no CPE)range: < 2.2.2~dev1-11.43.1
- (no CPE)range: < 2.2.2~dev1-11.43.1
- (no CPE)range: < 2.7.1~dev10-3.35.2
- (no CPE)range: < 4.0.2~dev2-12.36.1
- (no CPE)range: < 4.0.2~dev2-12.36.1
- (no CPE)range: < 11.0.9~dev69-13.46.1
- (no CPE)range: < 11.0.9~dev69-13.46.1
- (no CPE)range: < 13.0.8~dev164-6.37.1
- (no CPE)range: < 16.1.9~dev92-11.44.1
- (no CPE)range: < 16.1.9~dev92-11.44.1
- (no CPE)range: < 18.3.1~dev91-3.37.1
- (no CPE)range: < 1.0.6~dev3-12.41.1
- (no CPE)range: < 1.0.6~dev3-12.41.1
- (no CPE)range: < 3.2.3~dev7-4.33.1
- (no CPE)range: < 7.0.5~dev4-11.40.1
- (no CPE)range: < 7.0.5~dev4-11.40.1
- (no CPE)range: < 9.0.2~dev15-3.33.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.31.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.31.1
- (no CPE)range: < 2.19.2~dev48-2.28.1
- (no CPE)range: < 8.0.2~dev2-11.40.1
- (no CPE)range: < 8.0.2~dev2-11.40.1
- (no CPE)range: < 3.4.10-3.15.1
- (no CPE)range: < 3.4.10-3.15.1
- (no CPE)range: < 3.4.13-3.12.1
- (no CPE)range: < 3.4.10-3.15.1
- (no CPE)range: < 3.4.13-3.12.1
- Apache Software Foundation/Apache Log4j 1.xv5Range: 1.0.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- github.com/advisories/GHSA-w9p3-5cr8-m3jjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23302ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/01/18/3ghsamailing-listx_refsource_MLISTWEB
- lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4wghsax_refsource_MISCWEB
- logging.apache.org/log4j/1.2/index.htmlghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220217-0006ghsaWEB
- security.netapp.com/advisory/ntap-20220217-0006/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujul2022.htmlghsax_refsource_MISCWEB
- www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerabilityghsaWEB
- www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerabilityghsaWEB
News mentions
0No linked articles in our index yet.